Hello everyone
Those points have already been discussed plenty of times here in this community and most likely boil down to one's own preferences. If you are used to using a product for 20 years, you are finding a new approach to be frustrating.
Most points are currently being looked at and will be improved, if time is given, but keep in mind, the main goal of a product like SFOS and UTM is to keep a customer secure. So the main focus of development costs is being invested in security features and some are going into quality-of-life features.
I like to work with SFOS and like the improvements in handling certain instances. But again that is customer preferences.
You can use the UTM now for 3 years and re-evaluate your options in 3 years, but what I am doing as a Sophos Employee (in Germany) for the past 5 years: migrating customers to SFOS. And this works fine.
__________________________________________________________________________________________________________________
"as a Sophos Employee" and "sales engineer"... hmmmm sure that is where loyalty lies. XG is not showing a user interface that is supporting a system for "trust". Regardless of how great the "black box" is underneath, I'm not buying it.
"customer preferences" is bs... the functionality is clearly lacking. Yes UTM needs revision, but there is transparency in the product. I have no love for XG right now. I support Alessandro's post 100%
Having been in IT for 30+ years I know my stuff too in regards to everything IT/Application/Corp.
Your statement "If you are used to use a product for 20 years, you are finding a new approach to be frustrating." is insulting.
Maybe I phrased my first point wrong. Sorry for that. I just wanted to point out that I can understand that somebody who used a product for 20 years found other products to be frustrating or illogical or something. I could now do some car analogies, but you will get the point.
About the trust system: Trust systems basically go hand in hand with NAC solutions. Home users oftentimes do not have a NAC solution. In SFOS you could do RADIUS Accounting SSO as well, which means that if a device is logged in via a WPA Enterprise service, you automatically take over the user information. Or the better approach, which most customers also choose: using the Sophos Endpoint to get the heartbeat. That's the ultimate trust solution, as you can make sure the device you are logged in on is protected by Sophos, and you get the user information based on this information:
For a home user, those systems are not available. UTM was built to be used as a standalone solution. SFOS is a game with different systems, which customers have in place.
Also, you could use systems like STAS to get user information based on your AD.
__________________________________________________________________________________________________________________
Lucar, I honestly have no clue what you are trying to say here in the 2nd paragraph. I understand there is a possible translation loss here, so please rephrase your statement.
I mixed up two conversations about trust in another thread, which was about NAC in UTM. You can ignore that part about NAC.
It was a point about your point of "trust", and I mixed trust with the Zero Trust approach.
__________________________________________________________________________________________________________________
We tried the XG twice in the last few years, and compared to the UTM it still is an inferior product. By doing so the workload for administrators triples, due to the lack of information, and the illogical way features are implemented.
For example, the separation between IPv4 and IPv6 means you have to do everything twice in a dual-stack environment, and keep manual documentation to make sure everything is and remains in sync, when added and when being maintained.
Also, the UTM is a comprehensive product for those without deep pockets, like our charity and non-profit client-base.
If there is not going to be a solution to use the UTM moving forwards (Sophos basically kills it on a fixed date by terminating the license, which I am not sure is even legal), we will advise and assist our client base to migrate away from Sophos.
Harro, thank you for making this point and statement. Yes, I am in agreement with everything you have stated.
I have been through 2 install cycles with XG, one a few years ago at the suggestion of a Sophos provider, while having issues with a Sophos AP... this was a complete disaster and exercise in frustration... in the end I reformatted the box back to a UTM backup and threw out the AP. Then again recently after the announcement, I thought maybe XG would be an improvement, but after meticulously working through each setting and layout and help documents... after 2 or 3 days I had no clue what was or wasn't working. Simple stuff like domain blocking based on a defined category wasn't easy to figure out... even the basic default settings on the XG seemed to think "pornhub" and adverts were okay... Management of "Adverts" seems to be non-existent. Setting up a user login, fixed IP, for a device/MAC address seemed impossible... for me this is Network Security 101. I want complete control of who and what connects to my network and complete visibility and control of domain access. Especially mobile devices (Apple products are the worst), that seem to think they have free rein on any network they connect to. At least with the UTM Firewall I can create a hierarchy of mobile devices that have access to services to a certain point before a "Drop" is instated...
I sound like a broken record... I think I have said enough.